"An In Game advertisement system has been added through billboard style ads that are streamed by Massive Incorporated."
After reading up a bit on the Planetside web forums, I found that they are ads for drink products (Fanta, Coca-Cola), movies, and T.V. programs. At least so far, the adverts seem to be relatively innocuous.
However, not being one who can let well enough alone, I decided to find out a bit more about the adverts and Massive, the company who's code is handling the ad process. What I found shocked and upset me. Not only are Massive and SOE placing ads into the game, they are collecting data and statistics on those ads, and the software they load into your system does the collecting and reporting for them.
"What kind of data" you say? Well I'm glad you asked. According to research data obtained by two investigators (I will go over their report in more detail later), the software collects data on which ads you viewed, how many times you viewed them, how long you viewed them, from what angle you viewed them and from what distance. All this data is then sent back to Massive's servers when you close out the game, and used to hit you with more ads tailored to your personal viewing preferences.
Now, if this type of thing sounds familiar, it's because you have heard of it before. It's called Spyware. That's right, SOE has just put spyware into Planetside!
Now, I realize that this a pretty serious accusation, so before you pop off and send me an e-mail telling me what an idiot I am and to put my tinfoil hat away, please read on...
Initially I suspected that SOE was simply adding static ads into the play areas and the ads were changed on a rotating basis. However I soon realized that something more was afoot. My first clue was one of the other players posting on the planetside message boards about how he blocked the ads from showing up. The method he used employed the hosts file on his PC, a method that would be ineffective and completely unnecessary if the ads were static content delivered as part of the Planetside world textures.
I then decided to do a bit of investigation on my own. After googling around a bit for information on Massive, I came across several pieces of interesting information. First of all, I naturally ran across Massive's website. As you can see, They have a large and growing customer base. This is despite only having been around for a very short time. The hunger to spam gamers with ads while in-game is apparently rather large.
I then came across an entry in the forums over at broadbandreports.com. This entry also mentions the same method for blocking Massive's adstream that was posted (and deleted by mods) over at the Planetside forums. Again, this implies quite a bit more than simple static delivery of ad content, as does the information available over at Massive's website. Specifically, this line from a PR newswire story is particularly telling:
"The Massive AdClient SDK integrates into video game engines at the
development stage and handles all connections and communications with
Massive's AdServer, allowing the game to dynamically download advertising,
contextually into the game".
Ok, so we now know that something is being loaded up into our machines. But what? More importantly, what does it do? This is what guided my next set of searches. What I found would send chills through anyone even mildly privacy minded.
Two intelligent game players had run into Massive's advertising on another game, SWAT4. Intrigued and concerned about the annoyance of adverts invading their game, they performed some in-depth investigation of their own, and posted their results online.
They go into great detail on all that they discovered during their investigation, including quite a bit on exactly what the Massive AdClient does. What really startled me was the following section in their online data:
"The client contacted madserver to tell the advertisers how long the gamer spent with each advert in their view. This is mapped to the gamer id, so they know which player in the game saw the advert, and when, for how long, and from how far away (by virtue of the size attribute). Even the average viewing angle is passed back".
This is startling. Apparently the AdClient doesn't just collect generic statstics on which ads were seen and for how long (which is very invasive as it is) but it is tied directly to a unique "gamer id". Below is an excerpt from the code posted at the afore mentioned website which shows an example of this id:
As you can see, there is a unique number generated for use as a gamer id and this is sent back to Massive's servers along with a session Id and a timestamp. Unfortunately I was unable to determine with certainty if the gamer Id is always the same, as it is not stated on the researcher's website, and I was unable to reach the authors for comment by promised post time. I will update this article as necessary if I receive any response to my queries.
This leaves us a few questions. Why the need for a gamer Id, and what is it used for? It doesn't take much pondering to conclude that the gamer Id is used for tracking individual gamers and their ad-viewing preferences. As opposed to simply tracking the general ad viewing preferences of a given game population. If the data gathered was simply to be agreggated into a large data pool with no unique Id other than which game was played, there would be no need whatsoever for the gamer Id function.
This raises other serious privacy concerns. If the gamer Id is indeed unique to each player (and there really is no reason to assume otherwise) then it is a very short leap of logic to the possibility of tying that unique gamer Id to your game login (in SOE's case, your Station Id), and from there to your billing information and thusly your personally identifiable information.
So there it is. SOE and Massive collecting potentially personally identifiable information on all thier users, for use in hitting them with ads to provide an additional revenue stream over and above the already confiscatory monthly subscriptions we all pay to play these games.
What I find highly interesting is the changes to the Planetside EULA that SOE has made. Specifically the differences in section 12, regarding privacy.
I happen to have Planetside installed on two different PC's. One I patched up to the latest version, the other is about 3 months old, as I haven't used that machine to play Planetside more than once. Here is the last paragraph of section 12 from the Old EULA:
You acknowledge that any and all character data is stored and is resident on our servers, and any and all communications that you make within the Game (including, but not limited to, messages solely directed at another player or group of players) traverse through our servers, may or may not be monitored by our personnel, you have no expectation of privacy in any such communications and you expressly consent to monitoring of communications that you send and receive. You acknowledge and agree that we may transfer such information (including, without limitation your personally identifiable information or personal data) to the United States or other countries or may share such information with our licensees and agents in connection with the Game.
This would appear to be primarily directed towards player actions in-game, with the idea of heading off any privacy related complaints and/or legal issues. Notice the last sentence. This appears to be deliberately aimed at giving SOE the right to do pretty much whatever they want with our billing information. This is more than a bit disturbing, and this is the old EULA! Here is the same paragraph from the New EULA:
Just for the record, the highlighting is not mine. SOE put that text in bold themselves. (although I formatted in italics) It is interesting that they made sure to bold that particular sentence. It is as if they knew that what they were doing would be offensive to many of thier playerbase, and they put that in to head off any complaints. Then of course, there is the inclusion of the new trailing paragraph regarding Massive. Take particular note of the last three sentences regarding personally identifiable information. Interesting that they would take such pains to first state that they can use your personally identifiable information, but then turn right around and state that they won't actually gather that data.
Of course, we already know that to a be a lie, due to the inclusion of a unique "gamer Id" in the data returned to Massive at the conclusion of a game session. As I stated before, there is no logical reason to include a unique "gamer Id" unless you intend to collect personally identifiable information! This is Massive's software, they could have written it to not create or need a "gamer Id". But they specifically chose to write this into the software. The only conclusion one can logically draw is that they intend to use this data to personally identify individual gamers within the game.
We do not currently utilize cookies and we do not place persistent data or install persistent tracking mechanisms on Gamers' computers.
And yet, they do indeed install persistent tracking mechanisms onto Gamers' computers! You may well wonder what the basis is for this accusation. Upon reading through the research I previously mentioned I began to suspect that something beyond the ad textures had to be added to the game to facilitate data gathering and tracking, as this ability was not likely to have been tracked or gathered before the addition of the Massive "service".
I compared the Planetside directories on my machine that hadn't had Planetside updated in about 3-4 months with the one that was fully up to date. There were 3 specific and obvious differences between the two machine's Planetside directories. One was the inclusion of a new sub-directory named "massive_data" Initial inspection of this directory showed it was empty.
There were also two new DLL files added to the main Planetside Directory. These included "msvcr71.dll", which is nothing more than Microsoft's .Net 1.1 programming library. Obviously something new that needed .Net to function had been added to Planetside. This is where the second DLL file comes in. Named "m4d.dll" this is the dark horse file. Examining this file in Notepad is initially unrevealing, as most of it is in ASCII text, and unreadable. However, about 7/8ths of the way down the file, we run into something more readable:
MMT_SetNetworkCreationFunction@@YAXP6APAVNetDriver@MassiveAdClient@@XZ@Z MMT_CancelRequest MMT_DeInitialize MMT_FlushImpressionCache MMT_Free MMT_GetBinaryData MMT_GetCrex MMT_GetCurrentCrexForInventoryElement MMT_GetCurrentTime MMT_GetID MMT_GetInventoryElementHandle MMT_GetName MMT_GetNextCrexForInventoryElement MMT_GetSize MMT_GetStatus MMT_GetType MMT_GetVersion MMT_GetZoneHeaders MMT_Initialize MMT_JoinSession MMT_LeaveSession MMT_Malloc MMT_NetUpdate MMT_SetMemoryAllocators MMT_ShareSession MMT_UpdateInventoryElement
Not being a programmer myself, I am admittedly a tad bit in the dark on what everything here means. Judging by the first line though, it would appear to be a series of function calls within the DLL that allow it to operate as the AdClient, or to provide that functionality to other portions of the software that have been embedded into the main Planetside software. Here is what we are after, the actual software that delivers the ads to gamers, and the Gamers' information to Massive.
One question remains. What do we do about it? We cannot alter the software without risking violation of the EULA and cancellation of our accounts. Also, with the built-in update feature Planetside has, even deletion of the offending DLL files may not make a difference. The next time the game is started it will update and the DLLs will simply be replaced.
Gamers in the United States have no legal recourse as Privacy laws regarding collection of private information by corporate entities are ambiguous at best. EU gamers can take heart though, Privacy laws in the EU are very strict, and this type of approach is not likely to fly there.
For those of us in countries where laws have not been updated to force companies to be more responsible, we do indeed have recourse. A simple modification to the Hosts file on your PC can prevent the Massive software from contacting thier servers and transmitting any precious personal data. Simply open the Hosts file using Notepad. If you don't know where it is on your PC, just use the Windows search function (Start -> Search) and have it look in hidden and system files for "hosts". Once you have the file open, simply add these lines to your hosts file:
After the "localhost" line. This "blackholes" the Massive adservers, and when the AdClient attempts to make outbound contact to either those servers or IP's, it gets looped back to the PC itself and the connection dies. Alternately, if you have a router with configurable IP routing, you could also block access to thier servers from there.
EDIT: I originally had these three lines also listed in the section above:127.0.0.1 188.8.131.52But as a sharp reader pointed out, the hosts file is not used when Windows makes a direct IP connection. If you wish to block these IP's, you will have to do it using a software firewall, hardware firewall, or a static routing table in Windows. I don't know how I missed that one, I must be slipping.
Not only does this prevent access to thier servers, but it also appears to kill the AdClient function altogether, as even replacing the ad files into the "massive_data" folder from copies stored elsewhere on the PC does not return function to the ads after the hosts file has been modified. Instead the poster elements simply display the SOE logo while playing the game.
In conclusion, I would recommend to all players of Planetside, and any other game that uses the Massive technology to immediately employ this blocking strategy and prevent this type of data collection from happening.
It is up to the Gaming Community to stand up together and tell gaming companies that we will not put up with this type of invasive technology being added to our games. Gaming companies need to understand that we have already paid a pretty penny to play thier game, and we will not allow ourselves to be leeched off of while receiving nothing but visual annoyance in return. We may be forced to accept the EULA when we start the game, but we do not accept invasion of our privacy and forced advertisements in game.